The Schwartz Cloud Reportby Jeffrey Schwartz, Executive Editor

MSPAlliance Releases New Audit Standards

The MSPAlliance has instituted a new certification standard for cloud and managed service providers that aims to provide more transparency to customers.

The MSPA's Unified Certification Standard, or UCS, provides an auditing framework by which MSPs and cloud providers can offer more public-facing information about how their operations are run and safeguarded.

"It will encourage MSPs to be more transparent with how they do things, especially the cloud providers," said Charles Weaver, president and co-founder of the MSPA, in an interview.

"Cloud providers need to have more openness in who has access to data, where do the datacenters reside, where is the helpdesk," he said. "Just basic things like that. They're historically not open with that information unless they are asked. Now they can do it in a much safer way."

The MSPA has arranged for the accounting and auditing firm of Frost PLLC to perform audits for members based on the UCS standard. The audits will gather information on various control objectives such as how duties are segregated by the service provider to ensure there are checks and balances, how data is encrypted and where data is stored.

UCS mimics a SAS 70 report, Weaver said. Level 1 UCS audits are based on information gathered during a fixed certification period by which a provider shares what controls are in place. Level 2 tests those controls over a period of time and are forward-looking, Weaver explained.

"So there will be a greater level of assurance to the end user in a Level 2 [audit] because that's basically saying, 'Not only were controls in place as of this date but they carried forth over a period of time and we examined and tested them over a period of time,'" he said.